Cisco Security Appliance Command Reference, Version 8.0
cache -- clear compression
Download this chapter
cache -- clear compressioncache -- clear compression
Download the complete book
Cisco Security Appliance Command Reference Book, Version 8.0--Whole Book PDFCisco Security Appliance Command Reference Book, Version 8.0--Whole Book PDF (PDF - 23 MB)
give_us_feedback

Table Of Contents

cache through clear compression Commands

cache

cache-fs limit

cache-time

call-agent

call-duration-limit

call-party-numbers

capture

cd

cdp-url

certificate

certificate-group-map

chain

changeto

character-encoding

checkheaps

check-retransmission

checksum-verification

cipc security-mode authenticated

class (global)

class (policy-map)

class-map

class-map type inspect

class-map type management

class-map type regex

clear aaa local user fail-attempts

clear aaa local user lockout

clear aaa-server statistics

clear access-list

clear arp

clear asp drop

clear blocks

clear-button

clear capture

clear compression


cache through clear compression Commands

cache

To enter cache mode and set values for caching attributes, enter the cache command in webvpn configuration mode. To remove all cache related commands from the configuration and reset them to their default values, enter the no version of this command.

cache

no cache

Defaults

Enabled with default settings for each cache attribute.

Command Modes

The following table shows the modes in which you enter the command:

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Webvpn configuration


Command History

Release
Modification

7.1(1)

This command was introduced.


Usage Guidelines

Caching stores frequently reused objects in the system cache, which reduces the need to perform repeated rewriting and compressing of content. It reduces traffic between WebVPN and both the remote servers and end-user browsers, with the result that many applications run much more efficiently.

Examples

The following example shows how to enter cache mode: 

hostname(config)# webvpn

hostname(config-webvpn)# cache 

hostname(config-webvpn-cache)#

Related Commands

Command
Description

cache-static-content

Caches content not subject to rewriting.

disable

Disables caching.

expiry-time

Configures the expiration time for caching objects without revalidating them.

lmfactor

Sets a revalidation policy for caching objects that have only the last-modified timestamp.

max-object-size

Defines the maximum size of an object to cache.

min-object-size

Defines the minimum sizze of an object to cache.


cache-fs limit

To limit the size of the cache file system used to store images that the security appliance downloads to remote PCs, use the cache-fs limit command from webvpn configuration mode. Use the no form of this commandto return to the default value.

cache-fs limit {size}

no cache-fs limit {size}

Syntax Description

size

Size limit of the cache file system, from 1 to 32 MB.


Defaults

The default value is 20 MB.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Webvpn configuration


Command History

Release
Modification

8.0(2)

This command was introduced.


Usage Guidelines

The security appliance expands package files containing images and files for the Cisco AnyConnect VPN Client and Cisco Secure Desktop (CSD) in cache memory for downloading to remote PCs. For the security appliance to successfully expand the package files, there must be enough cache memory to store the images and files.

If the security appliance detects there is not enough cache memory to expand a package, it displays an error message to the console. The following example shows an error message reported after an attempt to install an AnyConnect VPN Client image package with the svc image command: 

hostname(config-webvpn)# svc image disk0:/vpn-win32-Release-2.0-k9.pkg

ERROR: File write error (check disk space)

ERROR: Unable to load SVC image - extraction failed

If this occurs when you attempt to install an image package, you can examine the amount of cache memory remaining and the size of any previously installed packages with the dir cache:/ command from global configuration mode. Then you can adjust the cache size limit accordingly.

Examples

The following example indicates the CSD image (located in sdesktop) and the CVC image (located in stc) use approximately 5.44 MB of cache memory: 

hostname(config-webvpn)# dir cache:/


Directory of cache:/


0      drw-  0           17:06:55 Nov 13 2006  sdesktop

0      drw-  0           16:46:54 Nov 13 2006  stc


5435392 bytes total (4849664 bytes free)

The next example limits the cache size to 6 MB: 

hostname(config-webvpn)# cache-fs limit 6

Related Commands

Command
Description

dir cache:/

Displays the contents of cache memory, including the total cache memory reserved and the remaining amount of cache memory.

show run webvpn

Displays the current WebVPN configuration, including any SSL VPN client or CSD images installed that may consume cache memory.

show webvpn csd

Displays the CSD version and installation status.

show webvpn svc

Displays the name and versions of installed SSL VPN package files.


cache-time

To specify in minutes how long to allow a CRL to remain in the cache before considering it stale, use the cache-time command in crl configure configuration mode, which is accessible from crypt ca trustpoint configuration mode. To return to the default value, use the no form of this command.

cache-time refresh-time

no cache-time

Syntax Description

refresh-time

Specifies the number of minutes to allow a CRL to remain in the cache. The range is 1 - 1440 minutes. If the NextUpdate field is not present in the CRL, the CRL is not cached.


Defaults

The default setting is 60 minutes.

Command Modes

The following table shows the modes in which you can enter the

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Crl configure configuration


command:

Command History

Release
Modification

7.0

This command was introduced.


Examples

The following example enters ca-crl configuration mode, and specifies a cache time refresh value of 10 minutes for trustpoint central: 

hostname(configure)# crypto ca trustpoint central

hostname(ca-trustpoint)# crl configure

hostname(ca-crl)# cache-time 10

hostname(ca-crl)#

Related Commands

Command
Description

crl configure

Enters crl configuration mode.

crypto ca trustpoint

Enters trustpoint configuration mode.

enforcenextupdate

Specifies how to handle the NextUpdate CRL field in a certificate.


call-agent

To specify a group of call agents, use the call-agent command in MGCP map configuration mode, which is accessible by using the mgcp-map command. To remove the configuration, use the no form of this command.

call-agent ip_address group_id

no call-agent ip_address group_id

Syntax Description

ip_address

The IP address of the gateway.

group_id

The ID of the call agent group, from 0 to 2147483647.


Defaults

This command is disabled by default.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Global configuration


Command History

Release
Modification

7.0(1)

This command was introduced.


Usage Guidelines

Use the call-agent command to specify a group of call agents that can manage one or more gateways. The call agent group information is used to open connections for the call agents in the group (other than the one a gateway sends a command to) so that any of the call agents can send the response. Call agents with the same group_id belong to the same group. A call agent may belong to more than one group. The group_id option is a number from 0 to 4294967295. The ip_address option specifies the IP address of the call agent.

Examples

The following example allows call agents 10.10.11.5 and 10.10.11.6 to control gateway 10.10.10.115, and allows call agents 10.10.11.7 and 10.10.11.8 to control both gateways 10.10.10.116 and 10.10.10.117: 

hostname(config)# mgcp-map mgcp_inbound

hostname(config-mgcp-map)# call-agent 10.10.11.5 101

hostname(config-mgcp-map)# call-agent 10.10.11.6 101

hostname(config-mgcp-map)# call-agent 10.10.11.7 102

hostname(config-mgcp-map)# call-agent 10.10.11.8 102

hostname(config-mgcp-map)# gateway 10.10.10.115 101

hostname(config-mgcp-map)# gateway 10.10.10.116 102

hostname(config-mgcp-map)# gateway 10.10.10.117 102

Related Commands

Commands
Description

debug mgcp

Enables the display of debug information for MGCP.

mgcp-map

Defines an MGCP map and enables MGCP map configuration mode.

show mgcp

Displays MGCP configuration and session information.


call-duration-limit

To configure the call duration for an H.323 call, use the call-duration-limit command in parameters configuration mode, which is accessible from policy-map configuration mode. To disable this feature, use the no form of this command.

call-duration-limit hh:mm:ss

no call-duration-limit hh:mm:ss

Syntax Description

hh:mm:ss

Specifies the duration in hours, minutes, and seconds.


Defaults

No default behavior or values.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Parameters configuration


Command History

Release
Modification

7.2(1)

This command was introduced.


Examples

The following example shows how to configure the call duration for an H.323 call: 

hostname(config)# policy-map type inspect h323 h323_map

hostname(config-pmap)# parameters

hostname(config-pmap-p)# call-duration-limit 0:1:0

Related Commands

Command
Description

class

Identifies a class map name in the policy map.

class-map type inspect

Creates an inspection class map to match traffic specific to an application.

policy-map

Creates a Layer 3/4 policy map.

show running-config policy-map

Display all current policy map configurations.


call-party-numbers

To enforce sending call party numbers during an H.323 call setup, use the call-party-numbers command in parameters configuration mode, which is accessible from policy-map configuration mode. To disable this feature, use the no form of this command.

call-party-numbers

no call-party-numbers

Syntax Description

This command has no arguments or keywords.

Defaults

No default behavior or values.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Parameters configuration


Command History

Release
Modification

7.2(1)

This command was introduced.


Examples

The following example shows how to enforce call party numbers during call setup for an H.323 call: 

hostname(config)# policy-map type inspect h323 h323_map

hostname(config-pmap)# parameters

hostname(config-pmap-p)# call-party-numbers

Related Commands

Command
Description

class

Identifies a class map name in the policy map.

class-map type inspect

Creates an inspection class map to match traffic specific to an application.

policy-map

Creates a Layer 3/4 policy map.

show running-config policy-map

Display all current policy map configurations.


capture

To enable packet capture capabilities for packet sniffing and network fault isolation, use the capture command in privileged EXEC mode. To disable packet capture capabilities, use the no form of this command.

capture capture_name [type {asp-drop all [drop-code] | raw-data | isakmp | decrypted | webvpn user webvpn-user [url url]}] [access-list access_list_name] [buffer buf_size] [ethernet-type type] [interface interface_name] [packet-length bytes] [circular-buffer] [trace trace_count] [real-time] [dump] [detail] [trace] [match prot {host source-ip | source-ip mask | any}{host destination-ip | destination-ip mask | any} [operator port]

no capture capture-name [type {asp-drop [drop-code] | raw-data | isakmp | decrypted | webvpn user webvpn-user] [access-list access_list_name] [circular-buffer] [interface interface_name] [real-time] [dump] [detail] [trace] [match prot] {host source-ip | source-ip mask | any}{host destination-ip | destination-ip mask | any} [operator port]

Syntax Description

access-list access_list_name

(Optional) Captures traffic that matches an access list. In multiple context mode, this is only available within a context.

any

Specifies any IP address instead of a single IP address and mask.

all

Captures all the packets that the security appliance drops

asp-drop [drop-code]

(Optional) Captures packets dropped by the accelerated security path. The drop-code specifies the type of traffic that is dropped by the accelerated security path. See the show asp drop frame command for a list of drop codes. If you do not enter the drop-code argument, then all dropped packets are captured.

You can enter this keyword with packet-length, circular-buffer, and buffer, but not with interface or ethernet-type.

buffer buf_size

(Optional) Defines the buffer size used to store the packet in bytes. Once the byte buffer is full, packet capture stops.

capture_name

Specifies the name of the packet capture. Use the same name on multiple capture statements to capture multiple types of traffic. When you view the capture configuration using the show capture command, all options are combined on one line.

circular-buffer

(Optional) Overwrites the buffer, starting from the beginning, when the buffer is full.

detail

(Optional) Displays additional protocol information for each packet.

dump

(Optional) Displays a hexadecimal dump of the packets that are transported over the data link transport.

decrypted

(Optional) Decrypted TCP data is encapsulated with L2-L4 headers, and captured by the capture engine.

ethernet-type type

(Optional) Selects an Ethernet type to capture. The default is IP packets. An exception occurs with the 802.1Q or VLAN type. The 802.1Q tag is automatically skipped and the inner Ethernet type is used for matching.

host ip

Specifies the single IP address of the host to which the packet is being sent.

interface interface_name

Sets the name of the interface on which to use packet capture. You must configure an interface for any packets to be captured. You can configure multiple interfaces using multiple capture commands with the same name. To capture packets on the dataplane of an ASA 5500 series adaptive security appliance, you can use the interface keyword with asa_dataplane as the name of the interface.

isakmp

(Optional) Captures ISAKMP traffic. This is not available in multiple context mode. The ISAKMP subsystem does not have access to the upper layer protocols. The capture is a pseudo capture, with the Physical, IP, and UDP layers combined together to satisfy a PCAP parser. The peer addresses are obtained from the SA exchange and are stored in the IP layer.

mask

The subnet mask for the IP address. When you specify a network mask, the method is different from the Cisco IOS software access-list command. The security appliance uses a network mask (for example, 255.255.255.0 for a Class C mask). The Cisco IOS mask uses wildcard bits (for example, 0.0.0.255).

match prot

Specifies the packets that match the five-tuple to allow filtering of those packets to be captured. You can use this keyword up to three times on one line.

operator

(Optional) Matches the port numbers used by the source or destination. The permitted operators are as follows:

lt—less than

gt—greater than

eq—equal to

packet-length bytes

(Optional) Sets the maximum number of bytes of each packet to store in the capture buffer.

port

(Optional) If you set the protocol to tcp or udp, specifies the integer or name of a TCP or UDP port.

raw-data

(Optional) Captures inbound and outbound packets on one or more interfaces. This setting is the default.

real-time

Displays the captured packets continuously in real-time. To terminate real-time packet capture, enter Ctrl + c. This option applies only to raw-data and asp-drop captures.

trace trace_count

(Optional) Captures packet trace information, and the number of packets to capture. This is used with an access list to insert trace packets into the data path to determine whether the packet is processed as expected.

type

(Optional) Specifies the type of data captured.

url url

(Optional) Specifies a URL prefix to match for data capture. Use the URL format http://server/path to capture HTTP traffic to the server. Use https://server/path to capture HTTPS traffic to the server.

user webvpn-user

(Optional) Specifies a username for a WebVPN capture.

webvpn

(Optional) Captures WebVPN data for a specific WebVPN connection.


Defaults

The defaults are as follows:

The default type is raw-data.

The default buffer size is 512 KB.

The default Ethernet type is IP.

The default packet-length is 68 bytes.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Priveleged EXEC


Command History

Release
Modification

6.2(1)

This command was introduced.

7.0(1)

This command was modified to include the following keywords: type asp-drop, type isakmp, type raw-data, and type webvpn.

7.0(8)

Added the all option to capture all packets that the security appliance drops.

7.2(1)

This command was modified to include the following options: trace trace_count, match prot, real-time, host ip, any, mask, and operator.

8.0(2)

This command was modified to update the path to capture contents.

8.0(4)

This command was modified to include the following keyword: type decrypted.


Usage Guidelines

Capturing packets is useful when troubleshooting connectivity problems or monitoring suspicious activity. You can create multiple captures. To view the packet capture, use the show capture name command. To save the capture to a file, use the copy capture command. Use the https://security appliance-ip-address/admin/capture/capture_name[/pcap] command to see the packet capture information with a web browser. If you specify the pcap optional keyword, then a libpcap-format file is downloaded to the web browser and can be saved using the web browser. (A libcap file can be viewed with TCPDUMP or Ethereal.)

If you copy the buffer contents to a TFTP server in ASCII format, you will see only the headers, not the details and hexadecimal dump of the packets. To see the details and hexadecimal dump, you need to transfer the buffer in PCAP format and read it with TCPDUMP or Ethereal.

Note Enabling WebVPN capture affects the performance of the security appliance. Be sure to disable the capture after you generate the capture files that you need for troubleshooting.

Entering no capture without optional keywords deletes the capture. If the access-list optional keyword is specified, the access list is removed from the capture and the capture is preserved. If the interface keyword is specified, the capture is detached from the specified interface and the capture is preserved. Enter the no capture command with either the access-list or interface optional keyword unless you want to clear the capture itself.

You cannot perform any operations on a capture while the real-time display is in progress. Using the real-time keyword with a slow console connection may result in an excessive number of non-displayed packets because of performance considerations. The fixed limit of the buffer is 1000 packets. If the buffer fills up, a counter is maintained of the captured packets. If you open another session, you can disable the real-time display be entering the no capture real-time command.

Note The capture command is not saved to the configuration, and is not copied to the standby unit during failover.

Examples

To capture a packet, enter the following command: 

hostname# capture captest interface inside

hostname# capture captest interface outside

On a web browser, the contents of the capture command that was issued, named "captest", can be viewed at the following location: 

https://171.69.38.95/admin/capture/captest

To download a libpcap file (which web browsers use) to a local machine, enter the following command: 

https://171.69.38.95/capture/http/pcap

The following example shows that the traffic is captured from an outside host at 171.71.69.234 to an inside HTTP server: 

hostname# access-list http permit tcp host 10.120.56.15 eq http host 171.71.69.234

hostname# access-list http permit tcp host 171.71.69.234 host 10.120.56.15 eq http

hostname# capture http access-list http packet-length 74 interface inside

The following example shows how to capture ARP packets: 

hostname# capture arp ethernet-type arp interface outside

The following example inserts five tracer packets into the data stream, where access-list 101 defines traffic that matches TCP protocol FTP : 

hostname# capture ftptrace interface outside access-list 101 trace 5

To view the traced packets and information about packet processing in an easily readable manner, use the show capture ftptrace command.

This example shows how to display captured packets in real-time: 

hostname# capture test interface outside real-time

Warning: Using this option with a slow console connection may result in an excess amount 
of non-displayed packets due to performance limitations.

Use ctrl-c to terminate real-time capture.


10 packets displayed

12 packets not displayed due to performance limitations

Related Commands

Command
Description

clear capture

Clears the capture buffer.

copy capture

Copies a capture file to a server.

show capture

Displays the capture configuration when no options are specified.


cd

To change the current working directory to the one specified, use the cd command in privileged EXEC mode.

cd [disk0: | disk1: | flash:] [path]

Syntax Description

disk0:

Specifies the internal Flash memory, followed by a colon.

disk1:

Specifies the removable, external Flash memory card, followed by a colon.

flash:

Specifies the internal Flash memory, followed by a colon. In the ASA 5500 series, the flash keyword is aliased to disk0.

path

(Optional) The absolute path of the directory to change to.


Defaults

If you do not specify a directory, the directory is changed to the root directory.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Privileged EXEC


Command History

Release
Modification

7.0(1)

This command was introduced.


Examples

This example shows how to change to the "config" directory: 

hostname# cd flash:/config/

Related Commands

Command
Description

pwd

Displays the current working directory.


cdp-url

To specify the CDP to be included in certificates issued by the local CA, use the cdp-url command in CA server configuration mode. To revert to the default CDP, use the no form of this command.

[no] cdp-url url

Syntax Description

url

Specifies the URL where a validating party obtains revocation status for certificates issued by the local CA. The URL must be less than 500 alphanumeric characters.


Defaults

The default CDP URL is that of the security appliance that includes the local CA. The default URL is in the format: http://hostname.domain/+CSCOCA+/asa_ca.crl

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

CA server configuration


Command History

Release
Modification

8.0(2)

This command was introduced.


Usage Guidelines

The CDP is an extension that can be included in issued certificates to specify the location where a validating party can obtain revocation status for the certificate. Only one CDP can be configured at a time.

Note If a CDP URL is specified, it is the responsibility of the administrator to maintain access to the current CRL from that location.

Examples

The following example configures a CDP at 10.10.10.12 for certificates issued by the local CA server: 

hostname(config)# crypto ca server

hostname(config-ca-server)# cdp-url http://10.10.10.12/ca/crl

hostname(config-ca-server)#

Related Commands

Command
Description

crypto ca server

Provides access to CA Server Configuration mode CLI command set, which allows you to configure and manage a local CA.

crypto ca server crl issue

Forces the issuance of a CRL.

crypto ca server revoke

Marks a certificate issued by a local CA server as revoked in the certificate database and CRL.

crypto ca server unrevoke

Unrevokes a previously revoked certificate issued by a local CA server.

lifetime crl

Specifies the lifetime of the certificate revocation list.


certificate

Use the certificate command in crypto ca certificate chain configuration mode to add the indicated certificate. Whenthis command is issued, the security appliance interprets the data included with it as the certificate in hexadecimal format. A quit string indicates the end of the certificate. To delete the certificate, use the no form of this command.

certificate [ca | ra-encrypt | ra-sign | ra-general] certificate-serial-number

no certificate certificate-serial-number

Syntax Description

Syntax DescriptionSyntax Description

certificate-serial-number

Specifies the serial number of the certificate in hexadecimal format ending with the word quit.

ca

Indicates that the certificate is a CA issuing certificate.

ra-encrypt

Indicates that the certificate is an RA key encipherment certificate used in SCEP.

ra-general

Indicates that the certificate is an RA certificate used for digital signing and key encipherment in SCEP messaging.

ra-sign

Indicates that the certificate is an RA digital signature certificate used in SCEP messaging.


Defaults

No default behavior or values.

Command Modes

The following table shows the modes in which you can enter the command:

Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System

Crypto ca certificate chain configuration


Command History

Release
Modification

7.0(1)

This command was introduced.


Usage Guidelines

A CA is an authority in a network that issues and manages security credentials and public key for message encryption. As part of a public key infrastructure, a CA checks with a RA to verify information provided by the requestor of a digital certificate. If the RA verifies the requestor information, the CA can then issue a certificate.

Examples

The following example adds a CA certificate with a serial number 29573D5FF010FE25B45: 

hostname(config)# crypto ca trustpoint central

hostname(ca-trustpoint)# crypto ca certificate chain central 

hostname(ca-cert-chain)# certificate ca 29573D5FF010FE25B45

  30820345 308202EF A0030201 02021029 572A3FF2 96EF854F D0D6732F E25B4530

  0D06092A 864886F7 0D010105 05003081 8F311630 1406092A 864886F7 0D010901

  16076140 622E636F 6D310B30 09060355 04061302 55533116 30140603 55040813

  0D6D6173 73616368 75736574 74733111 300F0603 55040713 08667261 6E6B6C69

  6E310E30 0C060355 040A1305 63697363 6F310F30 0D060355 040B1306 726F6F74

  6F75311C 301A0603 55040313 136D732D 726F6F74 2D736861 2D30362D 32303031

  301E170D 30313036 32363134 31313430 5A170D32 32303630 34313430 3133305A

  30818F31 16301406 092A8648 86F70D01 09011607 6140622E 636F6D31 0B300906

  03550406 13025553 31163014 06035504 08130D6D 61737361 63687573 65747473

  3111300F 06035504 07130866 72616E6B 6C696E31 0E300C06 0355040A 13056369

  73636F31 0F300D06 0355040B 1306726F 6F746F75 311C301A 06035504 0313136D

  732D726F 6F742D73 68612D30 362D3230 3031305C 300D0609 2A864886 F70D0101

  01050003 4B003048 024100AA 3EB9859B 8670A6FB 5E7D2223 5C11BCFE 48E6D3A8

  181643ED CF7E75EE E77D83DF 26E51876 97D8281E 9F58E4B0 353FDA41 29FC791B

  1E14219C 847D19F4 A51B7B02 03010001 A3820123 3082011F 300B0603 551D0F04

  04030201 C6300F06 03551D13 0101FF04 05300301 01FF301D 0603551D 0E041604

  14E0D412 3ACC96C2 FBF651F3 3F66C0CE A62AB63B 323081CD 0603551D 1F0481C5

  3081C230 3EA03CA0 3A86386C 6461703A 2F2F7732 6B616476 616E6365 64737276

  2F436572 74456E72 6F6C6C2F 6D732D72 6F6F742D 7368612D 30362D32 3030312E

  63726C30 3EA03CA0 3A863868 7474703A 2F2F7732 6B616476 616E6365 64737276

  2F436572 74456E72 6F6C6C2F 6D732D72 6F6F742D 7368612D 30362D32 3030312E

  63726C30 40A03EA0 3C863A66 696C653A 2F2F5C5C 77326B61 6476616E 63656473

  72765C43 65727445 6E726F6C 6C5C6D73 2D726F6F 742D7368 612D3036 2D323030

  312E6372 6C301006 092B0601 04018237 15010403 02010130 0D06092A 864886F7

  0D010105 05000341 0056221E 03F377B9 E6900BF7 BCB3568E ADBA146F 3B8A71F3

  DF9EB96C BB1873B2 B6268B7C 0229D8D0 FFB40433 C8B3CB41 0E4D212B 2AEECD77

  BEA3C1FE 5EE2AB6D 91

  quit

Related Commands

Command
Description

clear configure crypto map

Clears all configuration for all crypto maps.

show running-config crypto map

Displays the crypto map configuration.

crypto ca certificate chain

Enters certificate crypto ca certificate chain mode.